Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unc…

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. T…

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache al…

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity be…

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's managem…

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose s…

ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vu…

Apache Superset up to and including 1.3.2 allowed for registered database connections password …

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,…

SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializ…

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is n…

D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By…

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

Grand MA 300 allows a brute-force attack on the PIN.

UPSMON PRO configuration file stores user password in plaintext under public user directory. A …

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3…

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private c…

NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc2…

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently prot…

When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMP…

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated …

General Electric D20ME devices are not properly configured and reveal plaintext passwords.

Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded c…

LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or Use…

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions…

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMe…

A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 m…

A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corres…

Status2k does not remove the install directory allowing credential reset.

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices…

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attack…

CGI Script Center News Update 1.1 does not properly validate the original news administration p…

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vu…

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a sessio…

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScr…

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701…

An information disclosure vulnerability manifests when a user or an application uploads unprote…